ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1056) #40

@davidc

OpenSRS have recently mucked up their server configuration so it is sending a preferred cipher list with INVALID ciphers first*. This means every correctly configured client is refusing to connect after attempting to use the server's preferred cipher and finding its key is smaller than the certificate key.

Their support response was literally to refuse to accept responsibility for this misconfiguration and insist that every single client has to hack around and avoid the invalid ciphers. I am not even joking, I have been back and forth with them repeatedly and they will not fix this, they consider fixing their production servers to work correctly again to be a feature request and that I should submit it on their feature request forum (which has evidently not even been looked at in years judging from the amount of spam on it).

This patch will hack around the issue on the client side:

diff --git a/opensrs/xcp.py b/opensrs/xcp.py
index cc590fc..70119f0 100644
--- a/opensrs/xcp.py
+++ b/opensrs/xcp.py
@@ -5,6 +5,7 @@ try:
 except ImportError:
     from urllib2 import urlopen, Request
 from xml.etree import ElementTree as ET
+from ssl import SSLContext

 from opensrs.errors import XCPError

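Review bot: the unconditional "from ssl import SSLContext" sits directly below a try/except that falls back to urllib2, so this module evidently still supports Python 2, where ssl.SSLContext only exists from 2.7.9 onwards; on an older interpreter this line makes the whole module fail to import. Either state the new minimum Python version alongside the change or guard the import. Importing ssl.create_default_context instead of the bare class would also avoid constructing a context by hand.
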
@@ -149,7 +150,10 @@ class XCPChannel(object):

         timeout = message.timeout or self.default_timeout
         log.debug('Making XCP call with timeout = %s', timeout)
-        xml = urlopen(request, message.get_content(), timeout).read()
+
+        ctx = SSLContext()
+        ctx.set_ciphers('DEFAULT:!DH')
+        xml = urlopen(request, message.get_content(), timeout, context=ctx).read()
         return OPSMessage(xml=xml)

     def make_request(self, message):
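
Review bot: "ctx = SSLContext()" in the added lines builds a context with verify_mode set to CERT_NONE and check_hostname off, so passing it to urlopen drops the certificate and hostname verification that urlopen's default context performs; a workaround for the DH group size should not also switch off server authentication. Build the context with ssl.create_default_context() and call ctx.set_ciphers('DEFAULT:!DH') on that instead. A comment next to the cipher string saying why DH is excluded would help, and it should note that, going by the scan quoted below, this leaves only the static-RSA key exchange suites, which provide no forward secrecy.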



* snipped debug:

$ openssl s_client -tls1_2  rr-n1-tor.opensrs.net:55443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = GeoTrust RSA CA 2018
verify return:1
depth=0 C = CA, ST = Ontario, L = Toronto, O = Tucows.Com Co., CN = *.opensrs.net
verify return:1
139947124814976:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2150:
[snip]
$ nmap --script ssl-enum-ciphers -p 55443 rr-n1-tor.opensrs.net
Starting Nmap 7.70 ( https://nmap.org ) at 2021-02-05 11:21 GMT
Nmap scan report for rr-n1-tor.opensrs.net (216.40.33.39)
Host is up (0.088s latency).

PORT      STATE SERVICE
55443/tcp open  unknown
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       Key exchange (dh 1024) of lower strength than certificate key
|   TLSv1.1:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       Key exchange (dh 1024) of lower strength than certificate key
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       Key exchange (dh 1024) of lower strength than certificate key
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 8.47 seconds
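
A check for the condition reported above (server-preferred DHE suites whose DH group is smaller than a client will accept), run over nmap ssl-enum-ciphers output. This is an added example, not part of the original issue or the project's code; the function name `audit` and the 2048-bit default threshold are assumptions, and the sample is abridged from the scan quoted above.

```python
import re

# Abridged from the ssl-enum-ciphers output quoted in the issue (TLSv1.2 only).
SAMPLE = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
"""

PROTO = re.compile(r"^\|[ _]+((?:TLSv|SSLv)[\d.]+):\s*$")
SUITE = re.compile(r"^\|\s+(TLS_\w+) \((\w+) (\d+)\) - \w")
PREF = re.compile(r"^\|\s+cipher preference: (\w+)")


def audit(nmap_text, min_dh_bits=2048):
    """Return {protocol: report}, flagging DHE suites below min_dh_bits (assumed threshold)."""
    reports, current = {}, None
    for line in nmap_text.splitlines():
        if m := PROTO.match(line):
            current = reports.setdefault(
                m.group(1), {"suites": [], "preference": None})
        elif current is None:
            continue  # still in the scan header, before any protocol block
        elif m := SUITE.match(line):
            current["suites"].append((m.group(1), m.group(2), int(m.group(3))))
        elif m := PREF.match(line):
            current["preference"] = m.group(1)
    for rep in reports.values():
        weak = [name for name, kex, bits in rep["suites"]
                if kex == "dh" and bits < min_dh_bits]
        rep["weak_dh"] = weak
        # With "cipher preference: server" the first suite listed is the one
        # handed to a client that offers everything, hence the handshake failure.
        first = rep["suites"][0][0] if rep["suites"] else None
        rep["preferred_is_weak"] = rep["preference"] == "server" and first in weak
        rep["usable"] = [n for n, _, _ in rep["suites"] if n not in weak]
    return reports
```
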
